Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn’t set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn’t have value and action set and in same time, its upper package configuration have no or wildcard namespace.

packetstorm 3

threatpost 20

redhatcve 1

ibm 8

nessus 7

dsquare 1

zdt 4

exploitpack 1

myhack58 3

checkpoint_advisories 1

ubuntucve 1

osv 2

exploitdb 3

cvelist 1

github 2

f5 1

cisco 1

nuclei 1

qualysblog 3

openvas 3

talosblog 1

kitploit 5

metasploit 1

veracode 1

prion 1

akamaiblog 1

krebs 1

trendmicroblog 1

nvd 1

attackerkb 3

cve 1

impervablog 2

githubexploit 5

thn 3

rapid7blog 1

fireeye 1

oracle 3

packetstorm

Apache Struts 2 Namespace Redirect OGNL Injection

2018-09-07 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-26 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-25 00:00:00

threatpost

Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug

2015-06-03 07:37:04

Army Research Lab Releases Dshell Forensics Framework

2015-01-30 10:59:44

Slack Plugs Token Security Hole

2016-04-30 07:25:42

redhatcve

CVE-2018-11776

2018-08-22 08:49:33

ibm

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

2018-11-12 12:55:02

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900

2023-02-18 01:45:50

Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)

2023-03-29 01:48:02

nessus

Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)

2018-08-23 00:00:00

Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)

2018-09-05 00:00:00

Apache Struts CVE-2018-11776 Results With No Namespace Possible Remote Code Execution (S2-057)

2018-08-22 00:00:00

dsquare

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

2018-10-20 00:00:00

zdt

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Exploit

2018-08-28 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Exploit

2018-08-28 00:00:00

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

2018-09-08 00:00:00

exploitpack

Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

myhack58

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

Apache Struts OGNL injection vulnerability principle with an example-vulnerability warning-the black bar safety net

2019-03-30 00:00:00

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2018-11776)

2018-08-23 00:00:00

ubuntucve

CVE-2018-11776

2018-08-22 00:00:00

osv

CVE-2018-11776

2018-08-22 13:29:00

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

exploitdb

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)

2018-08-25 00:00:00

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

2018-09-10 00:00:00

cvelist

CVE-2018-11776

2018-08-22 13:00:00

github

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

K60499474 : Apache Struts vulnerability CVE-2018-11776

2018-08-24 00:00:00

cisco

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

2018-08-23 20:00:00

nuclei

Apache Struts2 S2-057 - Remote Code Execution

2021-02-24 04:29:30

qualysblog

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

2018-08-27 18:32:33

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

openvas

Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)

2020-06-05 00:00:00

Apache Struts Security Update (S2-057) - Version Check

2018-08-23 00:00:00

Apache Struts Security Update (S2-057) - Active Check

2018-08-27 00:00:00

talosblog

Connecting the dots between recently active cryptominers

2018-12-18 08:33:00

kitploit

Mitaka - A Browser Extension For OSINT Search

2019-09-21 12:00:00

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

metasploit

Apache Struts 2 Namespace Redirect OGNL Injection

2018-08-31 18:48:22

veracode

Remote Code Execution (RCE)

2018-08-22 17:36:38

prion

Remote code execution

2018-08-22 13:29:00

akamaiblog

Web Application and API Protection -- From SQL Injection to Magecart

2020-09-09 13:00:00

krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

2018-08-23 20:22:35

trendmicroblog

Server Security for the Modern IT Ecosystem

2019-01-03 15:30:46

nvd

CVE-2018-11776

2018-08-22 13:29:00

attackerkb

CVE-2018-11776

2018-08-22 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

CVE-2022-26134

2022-06-03 00:00:00

cve

CVE-2018-11776

2018-08-22 13:29:00

impervablog

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

2018-08-23 14:25:36

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

2018-09-26 16:18:36

githubexploit

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

thn

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

Cisco Issues Security Patch Updates for 32 Flaws in its Products

2018-09-06 08:45:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

rapid7blog

Active Exploitation of Confluence CVE-2022-26134

2022-06-02 23:27:15

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON

Related for CISA-KEV-CVE-2018-11776